Cyber Resilience

CVE-2026-9452

Severity: Medium
Published: 25 May 2026
Modified: 26 May 2026
KEV Added: not listed
Patch: none published
CVSS Score v4: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0155 (71.8th percentile)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-9452 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

A security vulnerability has been identified in FoundDream miniclawd up to commit 2d65665046e2222eeea76cafc8570ed546a8c125, specifically in the ExecTool.execute function within the file /src/tools/exec.ts. The flaw enables operating system command injection and carries a CVSS 4.0 score of 5.5. The product does not employ versioning, so no affected or unaffected releases are defined, and the maintainers have not responded to the early disclosure via issue report.

Remote attackers without authentication can exploit the issue to inject and execute arbitrary operating system commands, resulting in limited impacts to confidentiality, integrity, and availability. The attack vector is network-accessible with low complexity, and a public exploit has already been disclosed.

References including the project repository at github.com/FoundDream/miniclawd and the associated issue report indicate that no patches or mitigation guidance have been published. The EPSS score remains flat at 0.0218 with no material increase observed since disclosure.

Vulnerability details

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Remote OS command injection in ExecTool.execute directly enables T1190 (public-facing app exploitation) and arbitrary command execution via T1059 (Command and Scripting Interpreter).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2544 (shared CWE-77, CWE-78)
CVE-2026-2184 (shared CWE-77, CWE-78)
CVE-2026-4585 (shared CWE-77, CWE-78)
CVE-2025-1536 (shared CWE-77, CWE-78)
CVE-2026-4170 (shared CWE-77, CWE-78)
CVE-2025-15501 (shared CWE-77, CWE-78)
CVE-2026-7698 (shared CWE-77, CWE-78)
CVE-2026-2952 (shared CWE-77, CWE-78)
CVE-2025-1676 (shared CWE-77, CWE-78)
CVE-2025-44015 (shared CWE-77, CWE-78)

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-78): Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Control (addresses CWE-78): Validates inputs to block special elements that would alter OS command execution.
